Yes, it is a bad idea (explain)

No, it is not a bad idea (explain)

Other

Someone asked recently if posting our security setups was really such a good idea?

I think doing so is necessary in a forum wherein members are seeking help, and respondents can see at a glance what programs are running. And I also think that around Wilders, many of us wear our security signatures somewhat like a badge of honor.

It's fun to create such signatures, and to maintain them when changes are made. But are they giving away valuable info to potential attackers?

Not all members have their setups in a signature. I'd like to know why?
And for those of you who do list your setups, have you thought about the possible down side?

I think that if someone were to (for whatever reason) target Wilders users than it would probably make it easier knowing what they've got to deal with. However, I don't think any of us are going to be targeted... but you really never know.

You have two kinds of hackers - those who are actually hackers and those who just want to be hackers.

If a true blue hacker wanted into your/my system, they might be able to find a way in, because they know what they are doing. But what does a true hacker really want in my system? Maybe the challenge, but not much else to get. Not true of everyones system, but the point is that you have to know which computer to hack to make it worth your while.

The wannabe hacker, used to be known as names like "script kiddie" etc, they are a different story. Although they would gladly try to hack you, they lack the real skills needed. They lurk in forums and try to learn to become a hacker, but mostly they attempt to use tools to do thier hacking for them. A good router and some decent security in place, and most of these wannabe hackers will be kept out. I am sure some break through sometimes though. Don't believe this? It isn't hard to find forums dedicated to black/white hat topics, and it is easy to find all kinds of threads about noob hackers/crackers trying to "learn the ropes".

The questions I would ask though are:

1. if you post your security publicly, and you are using some decent tools, why would a hacker even want to attempt it when there are much easier victims a dime a dozen out on the net?

2. do you (whomever you are ) actually know how to go about hacking? Do you know how to pick a person out of a forum like this one, and actually know how to target them? Do you think it is just a matter of "oh, I think I will hack that persons computer"?

Ultimately, it isn't hackers that try to break through my perimeter that I would worry about, but rather it is the hacker who dupes you into visiting a website or executing something. When users willingly/unknowningly allow a hole into thier system, the invite the easy hack. That is where personal threats come from IMO.

I voted "NO" for two basic reasons:
- many users on this forum are advanced and very advanced...so at least evaluate their other users - those less advanced - and combos that are published, are often good or excellent example of "how to compose own"
- even if these sets are too hard and make trouble...even if they are changed to other, all these experiences bring as a result positive effects - greater skills and knowledge of security problems.

I've thought about this before too. But the main reason I don't list mine anymore is because it can make you come across as a fan boy, and unobjective when giving an assessment of something. Some people will hate you on and respond rudely simply because you have a rival product in your sig.

And for some people, I think, their setup changes so often that updating their sigs accordingly would be a FT job.

I think it can be very useful to list your OS though. This can allow some knowledgeable members to help you troubleshoot issues.

FWIW,most setups that people show off here, are so rehashed over and over,I dont think people even realize this But if it makes you sleep better at night,go for it!

I just think too many here,advertise their setups waaaay too much. Whats the point if you spend so much time here @ Wilders? Wilders doesnt have any malware,etc etc. Use the PC for what it was intended for! You surely dont need a secure setup to browse Wilders all the time.

Like so many other questions, the answer depends on what you do with the internet. A lot of people use a common name in different forums so they're easy to recognize. Whgile there may be nothing about Wilders that would make an adversary target you based on what you post here, it's just one of many forums. If you use the same name on several forums, you're easy to find. The details you release here added to the details you released at several other forums might be enough for someone to make an educated guess as to how to infiltrate or attack you. The possible reasons for attacking you are as varied as the forums you frequent. Do your views step on anyone's toes? Being hacked isn't much different that street crime. The smallest things can make the wrong person mad. If you start with the assumption that all software (including security apps) is vulnerable in some way, posting your setup saves a potential attacker the time of finding out what you use, and if any known vulnerabilities exist for some part of your package. Do you support a hacking group like Anonymous or Lulzsec? Some of those they targeted might be interested in you. Have you expressed disgust with those groups methods? They might be interested. The bottom line is that you don't know just what might be a reason for someone to take an interest in you, so why make it any easier for them?

When I was saying that it may be a bad idea I was basically saying what noone_particular is talking about. You never know when you're going to piss off a hacker and some of them might just be willing to go after you.

When I was saying that it may be a bad idea I was basically saying what noone_particular is talking about. You never know when you're going to piss off a hacker and some of them might just be willing to go after you.

Click to expand...

If someone is worried about something like that just post a phony setup,that ought to through things off.
Personally I'm not concerned if someone knows my setup (obviously)